<Sessions lifetime="28800" timeout="3600" checkAddress="true" relayState="ss:mem" handlerSSL="false" idpHistory="false">
    <SSO entityID="<%= @strategy.idp_entity_id %>">
      SAML2 SAML1
    </SSO>
    <Logout>Local</Logout>

    <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
    <Handler type="Status" Location="/Status" acl="127.0.0.1"/><!-- NOTE: this acl bit, makes this Shibboleth.sso/Status url only available from the server, not publically, this is an important security feature. -->
    <Handler type="Session" Location="/Session" showAttributeValues="false"/>
    <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors supportContact="<%= @strategy.error_support_contact %>" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider type="XML" file="<%= @host.prefixed_filepath_for("idp_metadata.xml") %>" />
<AttributeExtractor type="XML" validate="true" path="<%= @host.prefixed_filepath_for("attribute-map.xml") %>"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true" path="<%= @host.prefixed_filepath_for("attribute-policy.xml") %>"/>
<CredentialResolver type="File">
	<Certificate>
		<Path><%= @host.prefixed_filepath_for("sp-cert.pem") %></Path>
	</Certificate>
	<Key>
		<Path><%= @host.prefixed_filepath_for("sp-key.pem") %></Path>
    <!-- 
    This key alias is used by Shibbleth's lil' Helper to
    determine whether or not a generated SP metadata is
    up-to-date. It is NOT used by anything Shibboleth.
    -->
    <Name><%= Slh::Models::Version::VERSION %></Name>
	</Key>
</CredentialResolver>



